Select Page
Epicor MRP Keeps You On-Time and Customers Happy

Epicor MRP Keeps You On-Time and Customers Happy

ERP!  ERP!  How do I love thee?  Let me Count the Ways: A Robust Materials Resource Planning ( MRP ) Engine

 

 

One of my favorite movies growing up was The Wizard of Oz.  One of my favorite scenes was when the “Wizard” was exposed as the “man behind the curtain,” pulling levers and revealing the secrets of the kingdom.  In the business world, this phrase has morphed into meaning a person who elusively controls the intricacies of a large enterprise—and no one really knows the who, what, when, or how of the magic behind the success.  MRP (Materials Resource Planning) is like this “man behind the curtain.”  Incredibly powerful, MRP manages the forces of supply and demand, keeping everything under control.

 

 

There are basically three questions that a manufacturer has, and MRP answers:

  • What does the customer want?
  • How many do they want?
  • When do they want it?

 

While those three questions seem relatively simple in nature, executing them in an efficient and profitable manner can become an extremely daunting, or even impossible task if you don’t have the correct tools.  Fortunately, the Epicor MRP Engine is a highly sophisticated but user-friendly process that can help companies increase on-time performance, lower inventory and improve efficiency.  MRP takes all three of these questions and looks at them holistically, to manage all variables that can occur on a shop floor.

 

What product does the customer want?

 

To answer this, MRP first looks to see if the part is purchased or manufactured.  At the core of the system is the type-attribute of the part.  Epicor defines a part in three ways: purchased, manufactured or sales kit.  Purchased Parts can have a defined lead-time and are used in determining when product can be available if stock is not available.  Manufactured Parts are built-up with routings and bills of materials.  MRP will take into account the time it takes for each operation, dependent on the quantity and material availability, to determine when the product will be available to ship, based on capacity on the shop floor.  Sales kits can be a combination of purchased and manufactured Parts and will use either or both types of logic to determine availability.

 

What quantity does the customer need?

 

Based on demand from forecasts or actual Sales Orders, the system looks at the current inventory level.  If there is insufficient inventory, it will suggest to the Purchasing Department to buy some if it’s purchased or will suggest to the Planning Department to create a job to make some, if it’s manufactured.

 

What is the customer’s timeline?

 

This is where the Epicor MRP logic will take the first two questions and analyze two things: If we don’t have it in stock, can we buy it in time to deliver it, or do we have enough material and resources available to build how many they want?  And it does this by taking into account not just one particular Sales Order, but all of the Sales Orders, and all of the inventory stocking levels and Job demands within a plant.  Obviously, this is a very tall order, and in a dynamic manufacturing environment, things are often changing on a daily, if not hourly, basis.  Because the MRP process can be such an intensive hardware resource demand, Epicor can be configured to run on a schedule (often times at night), either by looking at net change (to only work on those things that have changed since MRP was last run) or by being regenerative (to recalculate all demand).

 

Epicor also has the ability to run MRP for a specific part.  Have a customer that needs a part ASAP?  Now instead of having to wait for MRP to run, management has the ability to see the potential status of a job in a matter of minutes, and not hours, as MRP only has a single part to analyze.  The MRP process can also be limited to a plant, product family, or commodity class—reducing the time and resources required to generate the needed supply records.   Epicor MRP also supports multi-level pegging, which gives users the ability to trace the supply to each discrete source of demand.  This process also drives the projected Sales Order shortages and is an incredibly powerful tool to manage customer satisfaction.

The Epicor ERP system, in conjunction with its versatile and powerful MRP process, allows your organization to “see behind the curtain” at an organizational level, revealing what the current demands for your products are and if you have the necessary supply to meet demand in a timely and profitable fashion.

 

There are lots of things to love about Epicor’s E10 ERP application.

 

Want to know a few more?  Read our “ERP! How do I love thee?” series and give us a call with any questions you may have. 

5 Ways EstesGroup Helps with Your CMMC Compliance

5 Ways EstesGroup Helps with Your CMMC Compliance

You might be reading this post if you are researching Cybersecurity Maturity Model Certification (CMMC), your company needs to become compliant, or your company is already compliant with CMMC but you have need of more IT services. In 2019 the Department of Defense announced a new cybersecurity protocol named CMMC that all DoD contractors (and some of their supply chains) would need to adhere to starting in 2020. There are 5 Levels of CMMC Certification, and EstesGroup can be an asset to companies in any of the levels.

 

5 Ways EstesGroup Helps with Your CMMC Compliance

  1. EstesGroup helps you identify the technology and/or services you need to meet your CMMC Level Requirements.  
  2. EstesGroup can improve your Process Maturity by helping evaluate your Procedures, Policies, or Practices. Once we’ve reviewed those processes, we can help update them to ensure you meet your CMMC Level and other compliance requirements. 
  3. There are 17 Domains that CMMC is built on. EstesGroup has the experience, tools, and services to support your business across nearly all of these domains.  
    • EstesGroup routinely deploys tools and managed services that directly support these CMMC domains: 
      • Access Control, Asset Management, Audit and Accountability, Configuration Management, Identification and Authentication, Maintenance, Recovery, Risk Management, Security Assessment, Situational Awareness, Systems and Communications Protection, and System and Information Integrity. 
    • EstesGroup can consult on and support technology used in these domains as well, but these domains typically require internal personnel or a third party on-site.  
      • Awareness and Training, Incident Response, Media Protection, Personnel Security, Physical Protection, and Risk Management 
  4. EstesGroup Managed Services (ERP Hosting ECHO & Managed IT) employ many of the standard Cybersecurity measures required for CMMC. We regularly monitor our internal and client assets for threats, perform preventative maintenance, and update technology or processes to meet or exceed cybersecurity requirements.  
  5. EstesCloud Hosting (ECHO) services enable many CMMC requirements without significant impact to you, your users, or your bottom line. By hosting your servers or software solutions in a managed cloud environment, you can compartmentalize your compliant systems and protect them at the highest CMMC levels, without locking down your whole office. For more details, see our page on EstesCloud Hosting for Aerospace & Defense  

 

 

To Learn about CMMC, read our blog What is CMMC: Cybersecurity Maturity Model Certification?”

 

EstesGroup is a Managed Services Provider working with Manufacturing and Distribution companies by providing ERP Hosting (ECHO), Managed IT, Epicor ERP, and Prophet 21 ERP services.

 

Have questions about CMMC or do you want more information on how EstesGroup makes companies more secure? Contact us today!

 

What is CMMC: Cybersecurity Maturity Model Certification?

What is CMMC: Cybersecurity Maturity Model Certification?

CMMC: The Looming Cyber-Security Certification that Affects 60,000+ Companies

 

In 2019, the U. S. Department of Defense (DoD) announced a new security protocol program for contractors called Cybersecurity Maturity Model Certification (CMMC). CMMC is a DoD Certification process that lays out a contractor’s security requirements, and it is estimated that between 60,000-70,000 companies will need to become CMMC compliant in the next 1-3 years 

 

CMMC is basically a combination and addition to existing regulations in 48 Code of Federal Regulations (CFR) 52.204-21 and the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, and includes practices from National Institute and Technology (NIST) 800-171, the United Kingdoms’ Cyber Essentials, and Australia’s Essential Eight requirements. International Traffic in Arms Regulations (ITAR) will remain a separate certification from CMMC – though companies that are ITAR Compliant will need to adhere to CMMC as well. 

 

CMMC Version 1.0 was released late January 2020. To view the latest CMMC document, visit the CMMC DoD site. To get help now with cybersecurity and compliance regulation, talk to our EstesCare Guard team.

 

CMMC Notables 

  • There are 5 levels of the security maturity process (basic is 1 and most stringent is 5). 
  • Any company that directly (or even some that indirectly) does business with DoD will adhere to CMMC –and that means direct DoD contractors and high-level CMMC companies’ supply chains must also adhere to, at minimum, base level requirements. 
  • There is no self-assessment (unlike NIST), and companies need to get certified through a qualified auditing firm. 
  • DoD will publish all contractor’s certification level requirements. 

Is My Business Affected by CMMC? 

 

This is easily answered with a 2-part question: 1) Is your business a direct contractor to the DoD, or 2) does your business do business with a company that is a contractor to the DoD*? If you answered “yes” to question 1, then your business will need to be CMMC compliant. If you answered “yes” to number two, then it is very probable that your company will need to be CMMC compliant. 

What are the CMMC Levels? 

  • Level 1 – “Basic Cyber Hygiene”  
    • Antivirus 
    • Meet safeguard requirements of 48 CFR 52.204-21 
    • Companies might be required to provide Federal Contract Information (FCI) 
  • Level 2 – “Intermediate Cyber Hygiene” 
    • Risk Management 
    • Cybersecurity Continuity plan 
    • User awareness and training 
    • Standard Operating Procedures (SOP) documented 
    • Back-Up / Disaster Recovery (BDR) 
  • Level 3 – “Good Cyber Hygiene”
    • Systems Multi-factor Authentication 
    • Security Compliance with all NIST SP 800-171 Rev 1 Requirements 
    • Security to defend against Advanced Persistent Threats (APTs) 
    • Share incident reports if company subject to DFARS 252.204-7012 
  • Level 4 – “Proactive” 
    • Network Segmentation 
    • Detonation Chambers 
    • Mobile device inclusion 
    • Use of DLP Technologies 
    • Adapt security as needed to address changing tactics, techniques, and procedures (TTPs) in use by APTs 
    • Review & document effectiveness and report to high-level management 
    • Supply Chain Risk Consideration* 
  • Level 5 – “Advanced / Progressive” 
    • 24/7 Security Operations Center (SOC) Operation 
    • Device authentication 
    • Cyber maneuver operations 
    • Organization-wide standardized implementation of security protocols 
    • Real-time assets tracking 

One important thing to note about CMMC is that unlike NIST and other current certifications, CMMC will require certification from an authorized 3rd-party CMMC authorized certification company. Currently, most companies can self-certify for DoD-related securities. EstesGroup is not a CMMC Certification Company, but we can help companies prepare and boost security up to meet new requirements.

For more specifics on CMMC, access the latest DoD’s CMMC revision.

 

Learn more about CMMC with 5 Ways EstesGroup Helps with Your CMMC Compliance

 

Do you have questions about CMMC or about how EstesGroup can help your company with CMMC or other cybersecurity, compliance or data issues? Contact us or chat with us today.

12 Days of ECHO, Twelfth Day: My Admin Gave to Me, Ransomware 2020 the Good, Bad, and Ugly

12 Days of ECHO, Twelfth Day: My Admin Gave to Me, Ransomware 2020 the Good, Bad, and Ugly

Ransomware the hits keep coming going into 2020

 

By now, we’ve all heard about someone affected by ransomware. If it wasn’t a friend’s business, or a company you do business with, or the town you live in, or the hospital you visit – all you have to do is look at the news to see major enterprises being attacked and ‘taken out’ by this nefarious deed.  As long as people pay, the bad guys will keep using it as a tool. After all, they’re just chasing the money. 

 

So why do I title this “the good, the bad and the ugly”?  Well, if you’ve been hit, you know the bad part.  It’s expensive in both dollars and perception.  What good can come of ransomware? And besides the rising ransom amount, why is it about to get uglier! 

 

First, the good part.

 

It raises awareness that the bad guys are afoot. Wherever there’s profit, fame, political gain and more, there will be someone to play the villain (or hire them) to get the goods. Technology just made it easier. So, the good news is that you know about it!  

 

Second, the bad part.

 

Knowledge without action is a travesty. It would be even better if you acted on that knowledge and improved your defenses. Backups and disaster recovery plans are hopefully in place, but don’t assume YOUR backups and DR plans are solid.  Test them occasionally to find the problem before you need a restore. I can’t tell you how many businesses think their backups are solid to find out differently after the attack. 

 

Internet access should be a privilege, not a right. Virtually nobody should have unfettered access to any website they want. Users should get internet access based on their role in the company, not because they have a computer and a browser. ALL emails and internet access should be filtered, blocked, logged and if needed, analyzed. You need to be current on patches, antivirus, spam filtering, blah blah blah.  Sorry if I lost you there, but we’ve been beating that drum for years.  In fact, you might want to take away the internet from your users – let users surf only on their phones, on the guest wifi and NOT the corporate wifi.  Perhaps provide an internet kiosk that’s separate from the corporate network. 

 

Lastly, the ugly

 

The *really* ugly. Once you get ransomedyou can no longer assume that it’ll just lock your files up. That data of yours (oh, customer files, payroll info, vendor lists, etc.)  could have just as easily been copied to the attackers and then encrypted. So now, you don’t have your customer spreadsheet, but the bad guys do!  Imagine the horror when they go to all your clients to tell them you’ve been hacked and they have all this data about YOUR customers! If you are under HIPAA, you might as well close up shop, the HIPAA fines alone will knock a small practice down and out. What customer will solicit a company that not only leaked their information, but that same confidential information was POSTED on FaceBook? The depravity and damage can only be imagined at this time. 

 

So, if you got ransomed, and all you lost was a few (thousand) bucks, consider yourself lucky. It’s about to get a whole lot uglier.  The cities of Atlanta, Pensacola, and Baltimore will agree! 

 

Happy New Year to all and may 2020 be brighter, smarter and safer. 

If you liked reading the “Twelfth Day of ECHO” return to our main list to read all of the other “12 Days of ECHO” posts.

 

Do you have questions or need assistance with your ERP system or data security?  Please feel free to Contact Us and see if we can help get your bits and bytes in order.

12 Days of ECHO, Eleventh Day: My Admin Gave to Me, notes on Online Transaction Processing vs. Decision Support!

12 Days of ECHO, Eleventh Day: My Admin Gave to Me, notes on Online Transaction Processing vs. Decision Support!

Enterprise Resource Planning (ERP): Online Transaction Processing vs. Decision Support

 

So, you’ve got your ERP system up and running, and before long, the management team wants reportsdashboards and executive data out of the system. That makes perfect business sense, and most ERP systems (including Epicor) have a slew of built-in reports as well as a report designer – Epicor E10 uses SSRS, Microsoft’s flagship product for writing reports. 

 

However, there’s a potential problem. The activity of entering data, called “Online Transaction Processing” or OLTPis fundamentally different than the activity of reporting and summarizing that data, called “Decision Support”, or DS for short. Before we go further, let me also explain database locking. A lock is a basic database ‘tool’ that prevents other user from changing a piece of data that you are using. There are many types of locks, but for this discussion, a row (record) lock prevents others from editing that specific record– let’s say an invoice.  A table lock prevents anyone from editing anything in that whole table. It is our sincere desire to keep all locks as short as possible, for the longer the lock is held, the more likely it is for someone else to want that locked data. 

 

Online Transaction Processing (OLTP) locks individual records to allow parts to be sold, inventory to be adjusted, and invoices entered. Decision Support (DS) locks whole database tables to run a reportWhen managewants to see ainvoice report, nobody can be entering a new invoice while the report is being generated! While most locks are handled automatically, they cause delays and in rare cases of a deadlock, data loss. 

 

I’m oversimplifying the issue, but the long and short of it is that Online Transaction Processing (OLTP) and Decision Support (DS) fight each otherall day long.  In fact, locking contention is one of the main causes of database performance issues! There are several solutions, but a common one is to simply time the DS to occur after OLTP – that is, after the business closes. Many companies run their reports at night, not only because the system is more available, but all those pesky users aren’t entering data, locking records and causing issues! 

 

A more complex, but also common solution, is to copy the Online Transaction Processing (OLTP) database to a independent Decision Support (DS) database on a regular basis.  OLTP users get an optimized database for their activities, and the DS users can run reports all day long without locking the OLTP users out.  An ideal solution for a busy database, but it does have its downsides. You’ll need twice the disk space and a method to move the data from OLTP to DS.  Our clients use backup & restore, SQL replication, mirroring and all kinds of technology to duplicate the database and prevent the dreaded locking contention. 

 

Need help? Let us know and we’ll help you get your Online Transaction Processing and Decision Support properly segmented for best performance. 

If you liked reading the “Eleventh Day of ECHO” return to our main list to read all of the other “12 Days of ECHO” posts.

 

Do you have questions or need assistance with your Epicor system?  Please feel free to Contact Us and see if we can help get your bits and bytes in order.

12 Days of ECHO, Tenth Day: My Admin Gave to Me, Epicor Performance and Diagnostic Tool Checks!

12 Days of ECHO, Tenth Day: My Admin Gave to Me, Epicor Performance and Diagnostic Tool Checks!

SQL and the Reporting Engine

 

Epicor ERP 10 provides the Performance and Diagnostics Tool as part of your Epicor Administration Console.  While the tool is often installed when setting up an E10 solution, its often forgotten about afterwards.  The full tool has lots of capabilities, but I’d like to highlight the Config Check”. 

 

When first run, you have to go to Options-Settings and define which E10 application you are going to check, along with the Epicor username/password to access the data. 

 

Then, click the “Check Configuration” button and wait a few moments. The tool will go look at several parameters and find out which settings are Pass, Warning or Fail.  Depending on your environment, you’ll want to qualify those warnings or failures, as they might not be as disastrous as it seems.   

 

Here’s the output of one of our hosted Epicor servers running 10.2.500.  Looks like there might be something wrong with the SQL Setup. 

Using the ConfigCheck Details shows the underlying issues, in this case, there are several issues!  Some of the red lines are problems (like I might not have enough space in the SQL MDF file), while others are not (SIMPLE recovery mode is not a problem for this application)

In any case, before I start tuning, tweaking and fixing, I always export the result to Excel so I have a record of what it looked like today.  After I fix these items, I’ll re-run and re-export the check to show my client that the appropriate items were fixed.  Of course, if items are flagged but not fixed, I’ll include an explanation of why.  For example, Simple recovery mode on a SQL databases means I don’t have to worry about transaction log growth.  (See our prior post “SQL Transaction Log Maintenance”)

 

If you need details on how to correct each issue, you can drill into the ExternalLink provided. Warning – many corrections will require downtime, so while you can run the tool anytime, correcting things will likely be during a maintenance window.

 

I recommend running this tool as part of a quarterly or annual basis just to help keep your Epicor E10 system running smoothly.

If you liked reading the “Tenth Day of ECHO” return to our main list to read all of the other “12 Days of ECHO” posts.

 

Do you have questions or need assistance with your Epicor system?  Please feel free to Contact Us and see if we can help get your bits and bytes in order.